Hi,
First you have to create a Costum URL Category that matches the URLs you want to exclude.
Then you create an Identity that matches the user and in the advance features you select to mathc the costum URL defined and set not to authenticate this identity.
Then you create a Access Policy for this new Identity.
Regards,